Next Article in Journal
The Role of Ergonomic Handrails in Inclusive Public Transport: User Aspects, Accident Risks and Design Guidelines
Previous Article in Journal
Bi-Objective Production–Distribution Planning for Paper Manufacturing: A Credibility-Based Expected Value Approach
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Engineering Proceedings
Volume 113
Issue 1
10.3390/engproc2025113057
engproc-logo
Submit to this Journal
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Proceeding Paper

Relationship of the Security Awareness and the Value Chain †

by
Gerda Bak
1,* and
Regina Reicher
2
1
Doctoral School on Safety and Security Sciences, Obuda University, József krt 6, H-1088 Budapest, Hungary
2
Department of Management and Entrepreneurship, Budapest University of Economics and Business, Alkotmány utca 9–11, H-1054 Budapest, Hungary
*
Author to whom correspondence should be addressed.
Presented at the Sustainable Mobility and Transportation Symposium 2025, Győr, Hungary, 16–18 October 2025.
Eng. Proc. 2025, 113(1), 57; https://doi.org/10.3390/engproc2025113057
Published: 12 November 2025
(This article belongs to the Proceedings of The Sustainable Mobility and Transportation Symposium 2025)
Browse Figure
Versions Notes

Abstract

Consumers and businesses are often connected online in today’s digitally connected world. Fast and barrier-free communication, easier and faster operation, and automation and networking of robots and production offer many competitive advantages. Recognizing the limiting factors of new technology, such as the significant dependency on technology and the vulnerability of IT devices, is crucial. As digitalization might increase the competitiveness of companies and have an impact on both the supply and value chains, we need to consider and assess their vulnerability from an information security perspective. Consequently, competitive advantage is not only about creating value more cost-efficiently and with higher quality but also about extracting the correct information from big data, interpreting and integrating it into business operations, and protecting it. This study proposes a fishbone model to help identify and overcome these challenges. It allows companies to identify the root cause of each information security incident.

1. Introduction

Digitalization affects the operations of many companies. On one hand, there is an opportunity to use new tools and technologies to make both their operation and production faster, more flexible, more transparent, and more cost-effective [1]. On the other hand, however, they face challenges such as the need to acquire new skills and abilities related to the use of digital tools, the need for strategic transformation, and the permanence of consumer interactions and information security risks [2,3]. Effective integration of digital innovation into a company’s operations can result in better customer experience, streamlined operations, and even new processes [4]. According to Fitzgerald and colleagues [4], improving the customer experience is one of the main drivers of digital transformation. Digital innovation contributes to digital transformation [5], which is also of strategic importance for companies, as it is necessary to accelerate intra-corporate investment in digital skills and innovation in the implementation of innovation [6]. According to Kikovska–Georgievska [7], the emergence and rapid growth of the Internet are affecting the way a company operates, and the Internet has enormously increased access opportunities in terms of distant markets. They also highlighted that companies are forced to accept new trading methods if they want to be successful in the market and meet the high expectations of customers.
The aim of this study is to create a model that helps business decision-makers prevent and remedy information security incidents with the help of cause-and-effect relationships.
Accordingly, we first describe the value chain model and its significance in the lives of enterprises and their impact on competitiveness. After that, we will discuss digitalization in businesses, and we will also cover information security (IS). In the second half of the study, the Ishikawa diagram of certain factors that could lead to IS incidents is presented based on the literature, which was set up along Porter’s value chain model. Finally, we discuss the significance of the concept, its usability, and possibilities for further development.

2. Literature Review

2.1. The Value Chain and Its Role in the Business

As organizations engage in digitalization, enhanced management processes are crucial for system efficiency [8]; however, digitalization does not inherently foster innovation [9,10], and digital transformation represents a multifaceted and ongoing evolution that many firms apprehend or undervalue [11]. Presently, organizations face persistent pressure to integrate digital technologies and modify their business frameworks accordingly [6,12]. Given that information and communication technologies (ICT) [13] and industrial revolutions can significantly alter corporate operations and reshuffle market competition [14,15], it is imperative to examine the correlation between security consciousness in ICT utilization and the Porter value chain. In this research, digital platforms encompass the software, websites, and applications utilized by employees in their professional roles.
Porter [16], in its terms, a value chain is a series of activities in which a company produces value, whether it is a product or a service, and consumers are willing to pay for it. Within the value chain, processes can be classified into two large groups (primary or supporting activities), as illustrated in the Porter value chain model. It should also be mentioned in connection with the model that although Porter’s basic concept is the starting point of the theory in the present study, there is also an extended version of the value chain that has evolved due to the importance of the supply chain [17]. Because the focus of our research is on security awareness, and one of its elements is intercompany communication and the company’s inbound and outbound data flow, the extended model will play a role in this regard. Primary activities are related to the physical creation, sale, and delivery of the product/service to the customer, as well as after-sales assistance. These include inbound logistics, production, marketing, outbound logistics, and product-related services. By contrast, supporting activities support primary activities by providing acquired inputs, technology, human resources, and various company functions. Support activities include corporate infrastructure, HR management, research and development, and procurement [16]. The value chain of suppliers and consumers is linked to the aforementioned value chain as an external element [18]. These value chains, sequential and complementary, form a larger value system for the sake of the final product or service [19]. The significance of the value chain model is that it allows the company to assess and identify the added value of each activity in the production process during the production of the given product/service, or the costs associated with the given activity. It can also provide a benchmark for competitor situations [20]. In addition, in some cases, it allows for a high level of satisfaction with consumer needs.
Although the definition of enterprise competitiveness is not uniform and requires further research [21], most studies agree that a company’s competitiveness is also influenced by the competitiveness of the product or service it produces [22]. The factors that determine competitiveness can also be examined according to whether they occur within or outside the company. In this context, it is worth mentioning the name of Kotler, who says that the company cannot influence the factors that affect its competitiveness from the outside, but adapting to them is vital [23]. Only a small part of the research on competitiveness focuses on the internal factors and resources of a company [24].
An increasing number of studies have been conducted on digital value chains [25,26,27]. According to the literature, digital value chains include corporate processes based on digital solutions and the transformation of traditional corporate processes into digital forms. The digital value chain is in opposition to the traditional value chain, which describes a company’s traditional value-creation process. The reorganization and transformation of value chains provide an opportunity to understand the internal reform of corporate digital transformation. The essence of value chain transformation is that companies adapt their value-creating activities to research and development (R&D) and the changing process of production and sales to create a new value chain that is appropriate for the market [28]. Existing literature approaches the factors and mechanisms that influence corporate digital transformation from the perspective of digital resources, dynamic capability, and strategic choice [9,12,29]. Another factor to mention is that publications in the literature look at the traditional value chain rather than the digital version of the value chain [30].

2.2. The Importance of Digitalization for Businesses

Digitalization plays a vital role in enabling companies to develop strong relationships with stakeholders [31]. According to Li et al. [32], through digitalization, companies can dramatically improve their interactions with stakeholders so that they can better search, share, store, and analyze information and resources. According to Williamson and Meyer [33], ICT tools allow companies to harmonize widely dispersed knowledge and skills. In addition, digitalization can eliminate distance and time constraints and help companies stay in close contact with key customers [34]. This can allow consumers to participate in the development and design of companies’ products and services [35], and thus receive feedback from the market. In the course of their operations, companies create, transmit, and store data, as well as access large amounts of data from external sources, which is in vain if they cannot analyze or manage (store, transmit, and create new data) properly. Therefore, data-related activities are an essential dimension of a company’s ability to digitize [14]. The issue of managing IS risks arises in this area [36]. Companies need permission to use the data they have access to [14]. The information must be used by local and international laws, but these laws frequently change. The introduction of the General Data Protection Regulation (GDPR) in Europe has highlighted shortcomings in data use [37]. The lawful use of data must be discussed with the external and internal stakeholders of the company, and their use must comply with the norms of the given social environment. Members of society may feel offended by the use of data in certain ways, which may also raise ethical questions [38]. In addition, digital technologies and infrastructure are challenged by the fact that they are not stationary, which results in different legal and regulatory requirements that must be taken into account when the digital tools used are located in a country other than the company using them, or even in different locations of multinational and transnational companies [39]. Digitalization in companies, closely related communication, and the use of interconnected and embedded systems increasingly require the protection of production lines, industrial systems, and corporate management systems from cyberattacks [40].

2.3. The Importance and Challenges of Security Awareness

In addition to the need to protect organizational data, according to new scientific research, the publication of information and measures related to IS and possible cyberattacks has several benefits for the company’s stakeholders. Two of the most important benefits are that IS disclosures can be informative for investors [41] and help mitigate the negative effects of a subsequent incident [42]. However, despite the recommendations of regulatory bodies and the results of the latest research, companies often do not publish cyberattacks or attempt to attack them [43]. There are several reasons for this finding. This is partly because sometimes the organization is not even aware that it has been the victim of a cyberattack, and months can pass between the occurrence and detection of the incident and the occurrence and containment of the incident [44]. According to Blumira’s [45] report, it takes an average of more than two hundred (212) days to detect an IS incident, and another 75 days are needed to resolve and close it. Another reason is the negative change in the company’s reputation, as well as the deterioration of the financial situation and value of the company. This manifests itself in the shaking of consumer confidence, which can lead to defection, thus reducing revenue. The damages have huge financial implications [46] too.

3. Methodology

As the primary goal of this study is to examine value chains, our goal is to find and identify potential critical points in value chains. Furthermore, we set the goal of breaking them down into processes and tracing vulnerabilities back to their root causes. Thus, the first step of this research was to review several studies and practical examples. Vulnerabilities mostly occur at the root level and can have a significant impact on the process of value creation. As a second step to the typification of vulnerabilities that pose a threat to the process, we used the fishbone or Ishikawa diagram to explore and identify the possible causes of a problem. At this point in the study, we should mention that at this stage of the research, we did not aim to assign specific values to each vulnerability and deliberately did not cover them.
Table 1 lists the vulnerabilities collected and identified in the first step, which were partially or fully incorporated into the Ishikawa diagram in the second step. Several international organizations and databases (CVE, ENISA, NIST) also deal with, manage, analyze, and record several different origins of vulnerabilities, which mostly approach vulnerabilities from a technical perspective. In contrast, in the present study, vulnerabilities are examined in a general manner, and vulnerabilities are considered to be any weak points or shortcomings that can be exploited by malicious third parties to gain an undue advantage or cause damage. Vulnerability refers to the factors that can potentially lead to vulnerability. Based on Table 1, the difference between vulnerability causes and sources can be illustrated as follows:
The fishbone diagram is named after its appearance, resembling a fish skeleton, and Kauro Ishikawa is credited with its development. This tool is particularly useful for categorizing the potential causes of a problem and ultimately identifying the root causes [59]. The fishbone diagram (Figure 1) was constructed using the following steps.
  • Defining the problem—it is essential to define the problem as specifically as possible, and then we looked for answers to questions starting with “Why.”
  • Subsequently, we added the individual elements of the value chain as the main causal categories.
  • Brainstorming about causes: gathering the reasons for each main category from the literature and practical examples and adding them to the diagram. Individual reasons were merged or assigned to several categories.
  • Search for additional reasons—As each reason was added to the chart, we looked for additional possible causes, checking to see if we had missed any potential additional causes.
The connection between the areas described thus far becomes obvious when we recognize the weaknesses induced by technological development.

4. Result

IS and the Value Chain

The integration of various Internet of Things (IoT) devices is a growing trend in commercial supply chains as well as in corporate operations, and this trend is expected to continue in the coming years. Therefore, there is a strong focus on the vulnerability of IoT devices, which can be influenced by several factors, including technology specifications, regulations, resource limitations, cloud computing, and regulations related to data storage and processing, the protection of big data, and cost reduction and optimization [60,61,62]. Although there are mitigating solutions for these potential vulnerabilities, they cannot be implemented without a complex and holistic approach [63,64]. The diversity of systems and technologies within each chain poses significant risks to the overall security of the chains. Therefore, the construction of chain security must start at the lowest level of each node and component and go all the way to a holistic ecosystem [65].
Based on the factors discussed thus far, an Ishikawa diagram was compiled (Figure 1), which, according to the authors, can potentially lead to an IS incident in the case of a company along Porter’s value chain.
As shown in Figure 1, at each point of the value chain, different problems and vulnerabilities can come into play, which can eventually lead to the potential development of an IS incident.

5. Conclusions

The root causes and sources of IS incidents in organizations can be external, internal, human, and non-human factors, and in more detail, they include hacker attacks, unauthorized access, intentional or unintentional acts, phishing, lost devices, industrial espionage, disgruntled employees, ransomware, etc. [49,53]. These vulnerabilities are summarized in this study in a new model (Figure 1) that can help managers understand the root causes and sources of IS incidents to be able to effectively address them. Overall, it can be said that by using a fishbone diagram, the roots of each problem can be easily accessed, and the individual relationships can also become transparent. However, it is worth emphasizing that with this method, we cannot identify the cause of all problems, only those that appear in the area under study.
The aim of their study was to create a complex model that would help company decision-makers identify critical points of IB and explore the causes of IB incidents. The Ishikawa diagram, which is suitable for examining causal problems and identifying root problems, has proven to be adequate for identifying the sources of IB incidents.
As can be seen from the study and the model, the source of the problems was identified along five main points on the side of the primary processes and four points in the case of the supporting processes. For each process, we have attempted to find the possible root causes. This is also to help companies reduce their vulnerability. The model we created is also significant because, although it combines two previously existing models (Porter + Ishikawa diagram), it shortens the path to identifying the root problem, as it combines the two previous models and highlights the relationships between the individual factors, and facilitates the creation of answers and solutions to the problems.
Considering the problems of the primary and supporting processes (risks, vulnerabilities, sources of vulnerability), we recommend the following points. Based on our own and international research, the recommendations are as follows [66,67]:
  • Management and upper levels of management must demonstrate exemplary behavior, which includes the creation of clear and enforceable rules with the involvement of employees.
  • Continuous IS education, IS awareness, and evaluation of the company as a whole, covering the entire company.
  • Regular consultations should be held with existing suppliers and partners on a monthly basis regarding common IS solutions and situational awareness.
  • The regular assessment of new and existing partners should also be carried out from an IT aspect, which includes the compatibility and vulnerability of the systems used, as well as the corporate culture from the IS side and its support.
  • Harmonization and continuous review of existing IS regulations and rules.
  • Close cooperation of universities/educational institutions from a research point of view as well and incorporating research results and their lessons into training and cooperation.
Industries should make use of the infrastructure and human resources available at universities for problem-solving, testing, and certification. The proposals mentioned in the last two points may represent progress mainly in connection with the rapidly appearing and developing standards and certifications of recent years, and the increase in IS awareness may also be manifested here.
The creation of the new model presented in the study will contribute to strengthening and improving the company’s competitive position. In addition, it provides valuable information and aspects for supply chain managers and key supply chain executives who seek to understand that IS risks can affect not only the company itself but also the entire supply chain. This effect can be most noticeable in the areas of communication, data flow, and cooperation. Information transmitted through an improperly chosen communication channel or the opening of a document from an untrusted source may damage the given ICT device and the company’s ICT infrastructure and may also affect the operation of partners.

Author Contributions

Conceptualization G.B. and R.R.; methodology G.B.; formal analysis G.B. and R.R.; resources, G.B.; writing—original draft preparation, G.B.; writing—review and editing, G.B. and R.R.; visualization, G.B.; supervision, R.R. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Szász, L.; Demeter, K.; Rácz, B.-G.; Losonci, D. Industry 4.0: A Review and Analysis of Contingency and Performance Effects. J. Manuf. Technol. Manag. 2020, 32, 667–694. [Google Scholar] [CrossRef]
  2. Asadollahi-Yazdi, E.; Couzon, P.; Nguyen, N.Q.; Ouazene, Y.; Yalaoui, F. Industry 4.0: Revolution or Evolution? Am. J. Oper. Res. 2020, 10, 241–268. [Google Scholar] [CrossRef]
  3. Dvoryadkina, E.B.; Mezentseva, E.; Animitsa, E.G. Advantages and Barriers of Industry 4.0 Concepts Implementation in Small and Medium Industrial Enterprises. SHS Web Conf. 2021, 93, 01007. [Google Scholar] [CrossRef]
  4. Fitzgerald, M.; Kruschwitz, N.; Bonnet, D.; Welch, M. Embracing Digital Technology: A New Strategic Imperative. MIT Sloan Manag. Rev. 2014, 55, 1–12. [Google Scholar]
  5. Wißotzki, M.; Sandkuhl, K.; Wichmann, J. Digital Innovation and Transformation: Approach and Experiences. In Architecting the Digital Transformation; Zimmermann, A., Schmidt, R., Jain, L., Eds.; Springer: Cham, Switzerland, 2021; pp. 9–36. [Google Scholar]
  6. Ahmad, M.U.; Murray, J. Understanding the Connect between Digitalisation, Sustainability and Performance of an Organisation. Int. J. Bus. Excell. 2019, 17, 83–96. [Google Scholar] [CrossRef]
  7. Kikovska–Georgievska, S. E-Commerce—Challenge for Sustainable Development of Companies. J. Sustain. Dev. 2013, 4, 71–83. [Google Scholar]
  8. Va, K.P. Reinventing the Art of Marketing in the Light of Digitalization and Neuroimaging. In Amity Global Business Review; Amity University Press: Noida, India, 2015; pp. 75–80. [Google Scholar]
  9. Csedő, Z.; Zavarkó, M.; Sára, Z. Is Digitalization an Innovation? Lessons from Digital Transformation and Innovation Management at a Financial Services Provider (Innováció-e a Digitalizáció? A Digitális Transzformáció és az Innovációmenedzsment Tanulságai Egy Pénzügyi Szolgáltatónál). Vezetéstudomány/Budap. Manag. Rev. 2019, 50, 88–101. (In Hungarian) [Google Scholar] [CrossRef]
  10. Vial, G. Understanding Digital Transformation: A Review and a Research Agenda. J. Strateg. Inf. Syst. 2019, 28, 118–144. [Google Scholar] [CrossRef]
  11. Cichosz, M.; Wallenburg, C.M.; Knemeyer, A.M. Digital Transformation at Logistics Service Providers: Barriers, Success Factors and Leading Practices. Int. J. Logist. Manag. 2020, 31, 209–238. [Google Scholar] [CrossRef]
  12. Kohli, R.; Melville, N.P. Digital Innovation: A Review and Synthesis. Inf. Syst. J. 2018, 29, 200–223. [Google Scholar] [CrossRef]
  13. Frey, C.B.; Osborne, M.A. The Future of Employment: How Susceptible Are Jobs to Computerisation? Technol. Forecast. Soc. Change 2017, 114, 254–280. [Google Scholar] [CrossRef]
  14. Ritter, T.; Pedersen, C.L. Digitization Capability and the Digitalization of Business Models in Business-to-Business Firms: Past, Present, and Future. Ind. Mark. Manag. 2020, 86, 180–190. [Google Scholar] [CrossRef]
  15. Demeter, K.; Losonci, D.; Szász, L.; Rácz, B.-G. Analysis of Industry 4.0 Practices in Hungarian Manufacturing Units—Technology, Strategy, Organization (Magyarországi Gyártóegységek Ipar 4.0 Gyakorlatának Elemzése—Technológia, Stratégia, Szervezet). Vezetéstudomány/Budap. Manag. Rev. 2020, 51, 2–14. (In Hungarian) [Google Scholar]
  16. Porter, M.E. Competitive Advantage: Creating and Sustaining Superior Performance; The Free Press: New York, NY, USA, 1985. [Google Scholar]
  17. Vörösmarty, G.; Tátrai, T.; Havasi, Z. The Role of Purchasing in the Hungarian Small and Medium Enterprises (A Beszerzés Helye és Szerepe a Magyarországi Kis- és Középvállalatoknál). Vezetéstudomány/Budap. Manag. Rev. 2010, 41, 36–44. (In Hungarian) [Google Scholar] [CrossRef]
  18. Chikán, A.; Demeter, K. Management of Value-Creating Processes—Production, Service, Logistics (Az Értékteremtő Folyamatok Menedzsmentje—Termelés, Szolgáltatás, Logisztika), 5th ed.; Aula Kiadó: Budapest, Hungary, 2006. (In Hungarian) [Google Scholar]
  19. Ricciotti, F. From Value Chain to Value Network: A Systematic Literature Review. Manag. Rev. Q. 2019, 70, 191–212. [Google Scholar] [CrossRef]
  20. Berke, S. Applying Assessment and Analysis Techniques to Businesses (Állapotfelmérési és Elemzési Technikák Alkalmazása Vállalkozásoknál); Kaposvári Egyetem—Pannon Egyetem—Szegedi Gabonakutató Nonprofit Kft: Kaposvár, Hungary, 2014. (In Hungarian) [Google Scholar]
  21. Dragolea, L.-L.; Butnaru, G.I.; Kot, S.; Zamfir, C.G.; Nuţă, A.-C.; Nuţă, F.-M.; Cristea, D.S.; Ştefănică, M. Determining factors in shaping the sustainable behavior of the generation Z consumer. Front. Environ. Sci. 2023, 11, 1096183. [Google Scholar] [CrossRef]
  22. Oláh, J.; Bai, A.; Karmazin, G.; Balogh, P.; Popp, J. The Role Played by Trust and Its Effect on the Competiveness of Logistics Service Providers in Hungary. Sustainability 2017, 9, 2303. [Google Scholar] [CrossRef]
  23. Tick, A.; Reka, S.; Judit, K.-D. The effect of digitalisation on sustainable operation of SMEs–the case of Hungary. In Possibilities and barriers for Industry 4.0 implementation in SMEs in V4 countries and Serbia; Mihajlović, I., Ed.; University of Belgrade, Technical Faculty in bor, EMD: Bor, Serbia, 2022; pp. 121–150. [Google Scholar]
  24. Xu, L.D.; Xu, E.L.; Li, L. Industry 4.0: State of the Art and Future Trends. Int. J. Prod. Res. 2018, 56, 2941–2962. [Google Scholar] [CrossRef]
  25. Reischauer, G. Industry 4.0 as Policy-Driven Discourse to Institutionalize Innovation Systems in Manufacturing. Technol. Forecast. Soc. Change 2018, 132, 26–33. [Google Scholar] [CrossRef]
  26. Moeuf, A.; Pellerin, R.; Lamouri, S.; Tamayo-Giraldo, S.; Barbaray, R. The Industrial Management of SMEs in the Era of Industry 4.0. Int. J. Prod. Res. 2018, 56, 1118–1136. [Google Scholar] [CrossRef]
  27. Santos, M.Y.; Martinho, B.; Silva, R.; Lima, R.M.; Costa, E.; Pimentel, C. A Big Data Analytics Architecture for Industry 4.0. In Innovation in Engineering; Azevedo, A., Ed.; Springer: Cham, Switzerland, 2017; pp. 175–184. [Google Scholar]
  28. Kang, H.S.; Lee, J.Y.; Choi, S.; Kim, H.; Park, J.H.; Son, J.Y.; Kim, B.H.; Do Noh, S. Smart Manufacturing: Past Research, Present Findings, and Future Directions. Int. J. Precis. Eng. Manuf.-Green Technol. 2016, 3, 111–128. [Google Scholar] [CrossRef]
  29. Schuh, G.; Potente, T.; Wesch-Potente, C.; Weber, A.R.; Prote, J.P. Collaboration Mechanism to Increase Productivity in the Context of Industrie 4.0. In Procedia CIRP, Proceedings of 2nd CIRP Robust Manufacturing Conference (RoMac 2014), Bremen, Germany, 7–9 July 2014; Elsevier: Amsterdam, The Netherlands, 2014; Volume 19, pp. 51–56. [Google Scholar]
  30. Götz, M.; Jankowska, B. Clusters and Industry 4.0—Do They Fit Together? Eur. Plan. Stud. 2020, 28, 1534–1553. [Google Scholar] [CrossRef]
  31. Wang, J.; Bai, T. How Digitalization Affects the Effectiveness of Turnaround Actions for Firms in Decline. Long Range Plann. 2021, 54, 102140. [Google Scholar] [CrossRef]
  32. Li, J.; Chen, L.; Yi, J.; Mao, J.; Liao, J. Ecosystem-Specific Advantages in International Digital Commerce. J. Int. Bus. Stud. 2019, 50, 1448–1463. [Google Scholar] [CrossRef]
  33. Williamson, P.J.; De Meyer, A. Ecosystem Advantage: How to Successfully Harness the Power of Partners. Calif. Manag. Rev. 2012, 55, 24–46. [Google Scholar] [CrossRef]
  34. Cao, Q.; Schniederjans, D.G.; Schniederjans, M. Establishing the Use of Cloud Computing in Supply Chain Management. Oper. Manag. Res. 2017, 10, 47–63. [Google Scholar] [CrossRef]
  35. Eggert, A.; Ulaga, W.; Frow, P.; Payne, A. Conceptualizing and Communicating Value in Business Markets: From Value in Exchange to Value in Use. Ind. Mark. Manag. 2018, 69, 80–90. [Google Scholar] [CrossRef]
  36. Eaton, T.V.; Grenier, J.H.; Layman, D. Accounting and Cybersecurity Risk Management. Curr. Issues Audit. 2019, 13, C1–C9. [Google Scholar] [CrossRef]
  37. Tankard, C. What the GDPR Means for Businesses. Netw. Secur. 2016, 2016, 5–8. [Google Scholar] [CrossRef]
  38. Zwitter, A. Big Data Ethics. Big Data Soc. 2014, 1, 1–6. [Google Scholar] [CrossRef]
  39. Nambisan, S. Digital Innovation and International Business. Innovation 2020, 24, 86–95. [Google Scholar] [CrossRef]
  40. Puskás, E. Industry 4.0 Solutions for Implementing Logistics Networks Based on the Physical Internet (Ipar 4.0 Megoldások a Fizikai Interneten Alapuló Logisztikai Hálózatok Megvalósításához). Ph.D. Thesis, Budapesti Műszaki és Gazdaságtudományi Egyetem, Budapest, Hungary, 2021. (In Hungarian). [Google Scholar]
  41. Frank, M.L.; Grenier, J.H.; Pyzoha, J.S. How Disclosing a Prior Cyberattack Influences the Efficacy of Cybersecurity Risk Management Reporting and Independent Assurance. J. Inf. Syst. 2019, 33, 183–200. [Google Scholar] [CrossRef]
  42. Wang, T.; Kannan, K.N.; Ulmer, J.R. The Association between the Disclosure and the Realization of Information Security Risk Factors. Inf. Syst. Res. 2013, 24, 201–218. [Google Scholar] [CrossRef]
  43. Amir, E.; Levi, S.; Livne, T. Do Firms Underreport Information on Cyber-Attacks? Evidence from Capital Markets. Rev. Account. Stud. 2018, 2, 1177–1206. [Google Scholar] [CrossRef]
  44. Johnson, J. Median Time Period Between Intrusion, Detection, and Containment of Industrial Cyber Attacks Worldwide from 2014 to 2019. Available online: https://www.statista.com/statistics/221406/time-between-initial-compromise-and-discovery-of-larger-organizations/ (accessed on 25 May 2022).
  45. Blumira. State of Detection and Response Report. Available online: https://www.blumira.com/whitepaper/state-of-detection-and-response/ (accessed on 15 September 2022).
  46. Masuch, K.; Greve, M.; Trang, S.; Kolbe, L.M. Apologize or Justify? Examining the Impact of Data Breach Response Actions on Stock Value of Affected Companies. Comput. Secur. 2022, 112, 102502. [Google Scholar] [CrossRef]
  47. Evans, M.; He, Y.; Maglaras, L.; Janicke, H. Heart-Is: A Novel Technique for Evaluating Human Error-Related Information Security Incidents. Comput. Secur. 2019, 80, 74–89. [Google Scholar] [CrossRef]
  48. Parsons, K.; Calic, D.; Pattinson, M.; Butavicius, M.; McCormac, A.; Zwaans, T. The Human Aspects of Information Security Questionnaire (HAIS-Q): Two Further Validation Studies. Comput. Secur. 2017, 66, 40–51. [Google Scholar] [CrossRef]
  49. Waly, N.; Tassabehji, R.; Kamala, M. Improving Organisational Information Security Management: The Impact of Training and Awareness. In Proceedings of the 2012 IEEE 14th International Conference on High Performance Computing and Communication & 9th International Conference on Embedded Software and Systems, Liverpool, UK, 24–26 June 2012; pp. 1270–1275. [Google Scholar]
  50. Kraemer, S.; Carayon, P.; Clem, J. Human and Organizational Factors in Computer and Information Security: Pathways to Vulnerabilities. Comput. Secur. 2009, 28, 509–520. [Google Scholar] [CrossRef]
  51. Singh, A.; Chatterjee, K. Cloud Security Issues and Challenges: A Survey. J. Netw. Comput. Appl. 2017, 79, 88–115. [Google Scholar] [CrossRef]
  52. Alguliyev, R.; Imamverdiyev, Y.; Sukhostat, L. Cyber-Physical Systems and Their Security Issues. Comput. Ind. 2018, 100, 212–223. [Google Scholar] [CrossRef]
  53. Tawalbeh, L.; Muheidat, F.; Tawalbeh, M.; Quwaider, M. IoT Privacy and Security: Challenges and Solutions. Appl. Sci. 2020, 10, 4102. [Google Scholar] [CrossRef]
  54. Connolly, L.Y.; Lang, M.; Gathegi, J.; Tygar, D.J. Organisational Culture, Procedural Countermeasures, and Employee Security Behaviour. Inf. Comput. Secur. 2017, 25, 118–136. [Google Scholar] [CrossRef]
  55. Tsohou, A.; Karyda, M.; Kokolakis, S. Analyzing the Role of Cognitive and Cultural Biases in the Internalization of Information Security Policies: Recommendations for Information Security Awareness Programs. Comput. Secur. 2015, 52, 128–141. [Google Scholar] [CrossRef]
  56. Ali, R.F.; Dominic, P.D.D.; Ali, S.E.; Rehman, M.; Sohail, A. Information Security Behavior and Information Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance. Appl. Sci. 2021, 11, 3383. [Google Scholar] [CrossRef]
  57. Bulgurcu, B.; Cavusoglu, H.; Benbasat, I. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Q. 2010, 34, 523–548. [Google Scholar] [CrossRef]
  58. Srinivas, J.; Das, A.K.; Kumar, N. Government Regulations in Cyber Security: Framework, Standards and Recommendations. Future Gener. Comput. Syst. 2019, 92, 178–188. [Google Scholar] [CrossRef]
  59. Ishikawa, K. Introduction to Quality Control; 3A Corporation: Tokyo, Japan, 1990. [Google Scholar]
  60. Poudel, S. Internet of Things: Underlying Technologies, Interoperability, and Threats to Privacy and Security. Berkeley Technol. Law J. 2016, 31, 997–1022. [Google Scholar]
  61. Seliem, M.; Elgazzar, K.; Khalil, K. Towards Privacy Preserving IoT Environments: A Survey. Wirel. Commun. Mob. Comput. 2018, 2018, 1–15. [Google Scholar] [CrossRef]
  62. Shon, T.; Cho, J.; Han, K.; Choi, H. Toward Advanced Mobile Cloud Computing for the Internet of Things: Current Issues and Future Direction. Mob. Netw. Appl. 2014, 19, 404–413. [Google Scholar] [CrossRef]
  63. Singh, J.; Pasquier, T.; Bacon, J.; Ko, H.; Eyers, D. Twenty Security Considerations for Cloud-Supported Internet of Things. IEEE Internet Things J. 2016, 3, 269–284. [Google Scholar] [CrossRef]
  64. Mendes, R.; Vilela, J.P. Privacy-Preserving Data Mining: Methods, Metrics, and Applications. IEEE Access 2017, 5, 10562–10582. [Google Scholar] [CrossRef]
  65. Sobb, T.; Turnbull, B.; Moustafa, N. Supply Chain 4.0: A Survey of Cyber Security Challenges, Solutions and Future Directions. Electronics 2020, 9, 1864. [Google Scholar] [CrossRef]
  66. Mahfuth, A.; Yussof, S.; Abu Baker, A.; Ali, N. A Systematic Literature Review: Information Security Culture. In Proceedings of the 2017 International Conference on Research and Innovation in Information Systems (ICRIIS), Kuala Lumpur, Malaysia, 16–17 October 2017; pp. 1–6. [Google Scholar]
  67. Pereira, A.C.; Romero, F. A Review of the Meanings and the Implications of the Industry 4.0 Concept. Procedia Manuf. 2017, 13, 1206–1214. [Google Scholar] [CrossRef]
Engproc 113 00057 g001
Figure 1. Possible causes of IS incidents based on the elements of the value chain.
Figure 1. Possible causes of IS incidents based on the elements of the value chain.
Engproc 113 00057 g001
Table 1. Sources of vulnerability in the enterprise. Source: Own edit.
Table 1. Sources of vulnerability in the enterprise. Source: Own edit.
Source of
Vulnerability		Vulnerability CauseSource
Human factorError, inattentionEvans et al. [47], Parsons et al. [48]
Lack of trainingWaly et al. [49]
Low IS knowledge and awareness.Parsons, Calic, Pattinson, Butavicius, McCormac and Zwaans [48]
TechnologyInadequate IT settings, low level of IT infrastructure/protectionKraemer et al. [50], Singh and Chatterjee [51], Alguliyev et al. [52]
Irregular updatesTawalbeh et al. [53]
Leadership, cultureLack of management/management support, inadequate corporate cultureConnolly et al. [54], Tsohou et al. [55]
DirectiveNo or inadequate policies or regulationsAli et al. [56], Bulgurcu et al. [57]
External factorsRules and regulationsSrinivas et al. [58]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Bak, G.; Reicher, R. Relationship of the Security Awareness and the Value Chain. Eng. Proc. 2025, 113, 57. https://doi.org/10.3390/engproc2025113057

AMA Style

Bak G, Reicher R. Relationship of the Security Awareness and the Value Chain. Engineering Proceedings. 2025; 113(1):57. https://doi.org/10.3390/engproc2025113057

Chicago/Turabian Style

Bak, Gerda, and Regina Reicher. 2025. "Relationship of the Security Awareness and the Value Chain" Engineering Proceedings 113, no. 1: 57. https://doi.org/10.3390/engproc2025113057

APA Style

Bak, G., & Reicher, R. (2025). Relationship of the Security Awareness and the Value Chain. Engineering Proceedings, 113(1), 57. https://doi.org/10.3390/engproc2025113057

Article Metrics

Back to TopTop